Replies: 2 comments 1 reply
-
|
Snaps can already run Wasm modules, but it sounds like the component model gives a way to sandbox these Wasm modules? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, rather than just running WASM modules, the component model allows you to specify what interface (or 'ABI') a WASM component (should) expose/implement. It's like Javascript modules but for WebAssembly. In addition, since each WASM module runs in it's own VM/sandbox, the security needs (as in isolation of execution) for snaps are also inherently tackled, both between Metamask and snaps and between individual snaps. In case of snaps, the boundary between the components (snaps) and host (metamask) are already defined in the current SES approach. To turn this into WASM, you'd need to specify these a language called Wasm Interface Type (WIT). There is already tooling to generate host bindings (for use in Metamask) and client bindings (for snap developers) in many language including Rust, Go (tinyGo & mainline Go) and Javascript. This may also simplify bringing snaps to other environments like mobile. Shipping an embedded WASM runtime is likely smaller, easier to interface with and easier to secure than embedding a browser (or other JS VM). Since there are ways to write WASM components in Javascript now, it may even be possible to wrap the existing snaps into WASM components should there be a need. |
Beta Was this translation helpful? Give feedback.
-
|
Very cool, I will share this with the team |
Beta Was this translation helpful? Give feedback.
-
Today snaps exclusively uses Secure ECMAScript as it's execution environment. However, as the WebAssembly Component Model matures, one wonders if it should be considered as a valuable execution environment for snaps. The sandboxing needs for snaps are inherently covered by WebAssembly. The main work left would be to define worlds to match the existing snaps APIs and wiring this up as an alternative to the SES-based execution environment.
The added benefits include broad language support (including Rust, Go and even JavaScript itself) with developer tooling already (being) build by the community.
Beta Was this translation helpful? Give feedback.
All reactions